Main Vulnerability Database Vulnerabilities #VU40262

Input validation error in Ivanti Connect Secure (formerly Pulse Connect Secure) - CVE-2016-4787

Published: May 26, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40262

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-4787

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Ivanti Connect Secure (formerly Pulse Connect Secure)

Software vendor:
Ivanti

Description

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.

Remediation

Install update from vendor's website.

External links

http://www.securitytracker.com/id/1035932
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40207

Input validation error in Ivanti Connect Secure (formerly Pulse Connect Secure) - CVE-2016-4787

Description

Remediation

External links

Please verify you're human